Privacy Notice
About this page
This privacy notice and cookie policy below explains how Greyhawk Intelligence Group (“Greyhawk“, “we“, “our“, “us“) processes the personal data of the following individuals:
- Individuals who instruct us on behalf of our corporate clients and contacts (“Corporate Contacts”, “you”, “your”);
- individuals about whom we hold personal data by virtue of the provision of our services (“you”, “your”);
- visitors to and users of our website (“Users”, “you”, “your”) hosted at www.greyhawk-uk.com (the “Site“), including how we use cookies on the Site.
Where we are instructed by clients who instruct us in their individual capacity, we will process their personal data in accordance with our separate Privacy Notice for Individual Clients (which can be found below).
From time to time Greyhawk may provide services to its clients as a data processor (and so we are not a data controller in respect of the personal data of others that we may process on your behalf), this privacy notice describes how Greyhawk processes your personal data in the circumstances described in this privacy notice where we are a data controller in respect of your personal data (including in our capacity as the owner and operator of the Site).
Greyhawk Intelligence Group Limited (a UK registered company, registered in England with company number 07953361) is the data controller under UK and EU data protection laws.
How we collect your personal data
When you use the Site, we collect your personal data in the following ways:
- when you access and navigate around the Site (please see the Cookie Policy below); and
- when you contact us via the Site, for example in order to find out more about our services.
We collect Corporate Contacts’ personal data in the following ways:
- from the information you provide to us when you interact with us before the organisation you represent becomes a client, for example when you express your interest in our services;
- when you instruct us on behalf of your organisation to provide services, sign an engagement letter and provide information about you to us in connection with those instructions;
- when you communicate with us by telephone, email or via the Site, for example in order to make enquiries or raise concerns;
- in various other ways as you interact with us during your time as a Corporate Contact of Greyhawk, for the various purposes set out below; and
- from third parties and publicly available sources, for example in order to carry out required due diligence on you or your organisation before we accept your organisation’s instructions.
We collect personal data about individuals we investigate in the following ways:
- from third parties, such as:
- supervisory authorities, agencies, government departments, law enforcement bodies, courts, organisations, councils, authorities, regulators or other bodies similar to any of the above;
- Commercial information providers, search engines and online platforms;
providers of social media platforms (such as Facebook, Google, LinkedIn and Instagram); - Third party intermediaries;
- Corporate Contacts and individuals to whom we provide our services;
- From publicly available sources, such as:
- Companies House and local equivalents;
- the electoral roll;
- directly from you.
The types of personal data we collect
We collect the following types of personal data about Users of the Site:
- Names and contact details, including email addresses and telephone numbers, obtained when you contact us via the Site;
- Other information that Users provide through the Site, for example in emails, including your company or organisation details and information about any services that Users express an interest in;
- Information about Users’ browsing activity collected through the use of cookies including details of your domain name, location and internet protocol (IP) address, operating system, browser version, the content viewed during a particular browsing session, and how long a User stayed on a particular page. Please see the Cookie Policy below.
In addition, we may also collect the following types of personal data about our Corporate Contacts:
- Biographical and contact information, including dates of birth, nationality and contact information such as address, email address and telephone number;
- Identification and due diligence information, including passport information, proof of address, national insurance number (or other tax identification number) and due diligence information such as the results of anti-money laundering and ‘know your client’ procedures; and
- Instructions related information, including information you provide us when you instruct us on behalf of your organisation to provide services.
In addition, we may also collect the following types of personal data about individuals we are investigating:
- Details about you relevant to the investigation we are undertaking on behalf of our client(s), including personal data provided to us by our client and personal data collected from the sources set out above.
We do not knowingly collect or otherwise process special categories of data. In some cases, in order to provide certain services to our clients and/or to enable our client to comply with their own regulatory obligations, we may process information related to criminal prosecutions and convictions.
How we use your personal data
We collect personal data about you in order to:
- Administer our business and carry out business activities.
- Manage our relationship with you where relevant including:
- to send you important notices such as communications about changes to our terms and conditions and policies (including this privacy notice);
- to provide you with important real-time information about services you have ordered from us (e.g. a change of time or location due to unforeseen circumstances);
- to send you information you have requested;
- to deal with your enquiries; and
- to ask you to leave a review or feedback on us.
- For internal purposes to use data analytics, to identify usage trends, determine and measure the effectiveness of promotional campaigns and advertising and to improve our website, products/services, marketing, client relationships and experiences.
- Protect our business including to deal with any misuse of our website and to comply with our security policies at our locations.
- Use your personal data to comply with our own legal and industry obligations.
- Use your personal data in an official role which we have been designated to carry out by an official authority (e.g. supervisory authorities, agencies, government departments, law enforcement body, courts, organisations, councils, authorities, regulators and bodies similar to any of the above.) or where we are otherwise carrying out tasks which are in the public interest (e.g. which have been designated as such by government, or which would otherwise be deemed in the public interest).
- To detect and prevent fraud and other illegal activities (and to assist regulators, trade bodies and law enforcement agencies in relation to the same).
- Finance, restructure, sell, make ready for sale or dispose of our business in whole or in part including to any potential buyer or their advisers.
- Investigate and defend any third-party claims or allegations.
- Fulfil our services. This could include:
- the provision of our core services including research and intelligence services, litigation support services, strategic advice, and all other advisory and consulting services;
- making or receiving payments, fees and charges; and
- collecting and recovering money owed.
The basis for processing your personal data and how we use it
When we use your personal data we are required to have a legal basis for doing so. There are various different legal bases upon which we may rely, depending on what personal data we process and why.
The legal bases we may rely on include:
- Consent: where you have given us clear consent for us to process your personal information for a specific purpose. You can withdraw your consent at any time, but we may continue to process your personal data on rely on another lawful basis where it is appropriate to do so;
- Contract: where our use of your personal data is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract;
- Legal obligation: where our use of your personal data is necessary for us to comply with the law (not including contractual obligations);
- Public task: where our use of your personal data is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law;
- Legal claims: processing is necessary for the establishment, exercise or defence of legal claims;
- Legitimate interests: where our use of your personal data is necessary for our legitimate interests or the legitimate data of a third party (unless there is a good reason to protect your personal data which overrides our legitimate interests). Our legitimate interests include:
- the recovery of debt;
- the provision of administration and / or IT services;
- the security of our IT network;
- the prevention of fraud;
- marketing of our services;
- the reorganisation or sale or refinancing of the business or a group restructure;
- developing and improving our services;
- developing our strategy;
- protecting our business and property;
- the provision of our services.
- Vital interests: the processing is necessary in order to protect the vital interests of an individual e.g. where there is a medical emergency at one of our premises.
Where we are processing special category personal data one of the following conditions may also apply including:
- explicit consent;
- personal data which are manifestly made public by you;
- necessary for the establishment, exercise or defence of legal claims;
- necessary for archiving purposes in the public interest; scientific or historical research purposes or statistical purposes;
- necessary to protect an individual’s vital interests where the individual cannot give consent;
- necessary for reasons of substantial public interest;
- necessary in relation to your or our rights in the field of employment and social security and social protection law.
Sharing your information with others
For the purposes referred to in this privacy notice and relying on the bases for processing as set out above, we share your personal data with certain third parties, including:
- our group companies and affiliates;
- providers of outsourced services to us (for example, IT vendors, cloud storage providers, and any third party we engage to administer the Site on our behalf);
- third parties to the extent necessary for the establishment, exercise or defence of legal rights in relation to our services;
- external professional advisers such as accountants, bankers, insurers, auditors and lawyers;
- where relevant supervisory authorities, agencies, government departments, law enforcement agencies, courts, organisations, councils, social services, authorities and regulators or bodies similar to any of the above;
- with a third party in a business transaction, in the event that all or part of Greyhawk is acquired, dissolved, merged or involved in a similar transaction;
- corporate Contacts and individuals to whom we provide our services; and
- those of our staff and consultants providing services to you or your organisation.
International data transfers
In the course of providing our services or interacting with you via the Site, we may transfer your personal data to a country or territory outside of the United Kingdom or to the extent relevant the EEA, for example where it is processed by staff operating outside the United Kingdom/the EEA who work for us or for one of our suppliers, or where personal data is processed by one of our suppliers who is based outside the United Kingdom or the EEA or who uses storage facilities outside the United Kingdom or the EEA.
In these circumstances, your personal data will only be transferred on one of the following bases:
- a decision provides that the country or territory to which the transfer is made ensures an adequate level of protection; or
- there are appropriate safeguards in place such as binding corporate rules, approved model contractual clauses or other approved transfer mechanism such as the IDTA or Addendum; or
- there exists another situation where the transfer is permitted under applicable law (for example, where we have your explicit consent).
How long personal data is kept
We will store your personal data for the time period which is appropriate in accordance with the following criteria:
- the on-going business operation / relationship that we have with you;
- the completion of the purpose for which the personal data was given;
- our legal obligations in relation to that personal data and other legal requirements;
- the type and size of the data held and whether any if it is deemed to be special category personal data; or
- our accounting requirements in relation to that personal data.
We keep the length of time that we hold your personal data for under regular review.
Your rights in relation to personal data
Under data protection laws, you have the following rights in relation to our processing of your personal data. Please note that these rights are not absolute, and we may be entitled to refuse requests where exceptions apply.
- to obtain access to the type of personal data that we hold about you;
- to require us to correct the personal data we hold about you if it is incorrect;
- to require us to erase your personal data in certain circumstances;
- to require us to restrict our data processing activities in certain circumstances;
- to object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on you;
- to receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller; and
- where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal.
Note: If you have given your consent and you wish to withdraw it, please contact mail@greyhawk-uk.com or using the contact details set out below. Please note that where our processing of your personal data relies on your consent and where you then withdraw that consent, we may not be able to provide all or some aspects of our services to your organisation and/or it may affect the provision of those services.
If you are not satisfied with how we are processing your personal data, you have the right to make a complaint to the Information Commissioner or relevant supervisory authority.
Contact us
If you have any queries about this privacy notice or how we process your personal data, or if you wish to exercise any of your rights under applicable law, you may contact us:
- by email: mail@greyhawk-uk.com
- by telephone: 020 7406 7510
- or by post: Data Protection, Greyhawk, Holborn Gate, 26 Southampton Buildings, London WC2A 1AN, United Kingdom.
Cookies
The Site uses cookies. A “cookie” is a small text file which is sent by our Site’s server and stored on your computer or other device when you access the Site. These cookies are used for the purpose of improving your experience of the Site by remembering your preferences, the places you have visited, and other information that you have provided to us. When you use the Site, you will be asked to confirm whether you agree to the Site using cookies and, if you accept, we will store cookies on your device. You can if you wish change the cookies settings on your device to refuse cookies. However, if you do this, or if you reject our request to use cookies when you visit our Site, you may be unable to access certain parts of the Site and/or you may not be able to benefit from the full functionality of the Site.
We use the following cookies for the following purposes:
Privacy Notice for Individual Clients
About this document
This privacy notice explains how Greyhawk Intelligence Group (“Greyhawk”, “we“, “our“, “us“) collects, uses and shares your personal data, and your rights in relation to the personal data we hold about you. This privacy notice concerns our processing of personal data of our clients who instruct us in an individual capacity (“you“, “your“). Where we are instructed by clients who are not individuals (for example, companies and firms), we may still process certain personal data of the staff instructing us on behalf of those corporate clients but we will do so in accordance with our separate Privacy Notice for Corporate Contacts and Website Users (available on our website at include link here.)
Notwithstanding that Greyhawk typically provides services to its clients as a data processor (and so we are not a data controller in respect of the personal data of others that we may process on your behalf), this privacy notice describes how Greyhawk processes your personal data as our client, in the circumstances described in this privacy notice where we are a data controller in respect of your personal data.
Greyhawk Intelligence Group Limited (a UK registered company, registered in England with company number 07953361) is the data controller of your personal data and is subject to the General Data Protection Regulation (the “GDPR“) as applied by the UK Data Protection Act 2018.
How we collect your information
We collect your personal data in a number of ways, for example:
- from the information you provide to us when you interact with us before becoming a client, for example when you express your interest in our services;
- when you instruct us to provide services to you, sign an engagement letter and provide information about you to us in connection with those instructions;
- when you communicate with us by telephone, email or via our website, for example in order to make enquiries or raise concerns;
- in various other ways as you interact with us during your time as a client of Greyhawk, for the various purposes set out below; and
- from third parties and publicly available sources, for example in order to carry out required due diligence checks on you before we accept your instructions.
The types of information we collect
We collect the following types of personal data about you:
- Biographical and contact information, including your name, dates of birth, nationality and contact information such as address, email address and telephone number;
- Identification and due diligence information, including passport information, proof of address, national insurance number (or other tax identification number) and due diligence information such as the results of anti-money laundering and ‘know your client’ background checks; and
- Financial and instructions related information, including bank account number (used for receipt of funds) and any information you provide us when you instruct us to provide services to you.
We may also collect sensitive personal data, including information concerning your health and medical conditions (for example, disability and dietary needs) and data relating to criminal convictions and offences, where relevant, in each case as is necessary for the provision of our services to you.
How we use your information
The purposes for which we may use personal data (including sensitive personal data) we collect about you during your association with us as our client include:
- the provision of our core services to you, including research and intelligence services, litigation support services, strategic advice, and all other advisory and consulting services (and, in each case, for the offer and provision of services to you, as set out in each client engagement letter).
Note: we will process the personal data of anyone who is the subject of integrity due diligence and similar services only on your instructions and acting as a data processor for you as data controller.
- administrative purposes, including administering finance, administering IT systems, and carrying out audits (for example, to ensure compliance with our legal obligations).
- promoting our services (for example, providing you with briefings and other publications, details of events, or information about our other services which may be of interest to you).
Note: if you do not wish to receive such information, please let us know now or at any time in the future, and your details will be removed from our mailing list(s).
The basis for processing your information and how we use it
- We process your personal data because it is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract. In this respect, we use your personal data for the following:
- to interact with you before you become a client, for example when you express your interest in our services (for example, to send you promotional material or answer enquiries about our services);
- once you have engaged us and become a client, to provide you with the services as set out in our engagement letter;
- for billing and financial management purposes;
- corresponding and interacting with you (or others acting on your behalf) about our services, including to deal with any concerns, enquiries or feedback you may have; and
- for record keeping purposes, so that we have a record of your instructions and the research findings and other support we provided to you.
- We also process your personal data because it is necessary for our or a third party’s legitimate interests. Our “legitimate interests” include our commercial interests in operating our business in a client focused, discreet and efficient manner, in accordance with all applicable legal requirements. In this respect, we may use your personal data for the following:
- outsourcing selected ‘back office’ functions to third parties (for example, vendors of hosted software solutions or cloud storage providers) for the purposes of efficient, fast and secure access to information across Greyhawk Intelligence Group;
- to monitor and evaluate the performance and effectiveness of our services, and to seek advice on our rights and obligations, where relevant, such as where we require our own legal advice; and
- to keep you informed (by letter, telephone, email and other electronic means) of our services which may be of interest to you. If you do not wish to receive such information, please let us know now or at any time in the future, and your details will be removed from our mailing list(s).
- We also process your personal data for our compliance with our legal obligations. In this respect, we may use your personal data for the following:
- to meet our legal obligations, such as tax reporting requirements to which we are subject;
- in order to assist with investigations (including criminal investigations) carried out by the police and other competent authorities.
- We also process your personal data where:
- it is necessary for reasons of substantial public interest (for example, where the due diligence checks we carry out involve our processing data relating to criminal convictions and offences);
- it is necessary for the establishment, exercise or defence of legal claims (for example, to protect and defend our rights or property, and/or the rights or property of our clients, or of third parties); or
- we have your specific or, where necessary, explicit consent to do so (for example, where our processing of sensitive personal data is included in your instructions and/or otherwise relevant for the advice and other assistance we provide to you and you permit us to have and use that information).
Sharing your information with others
For the purposes referred to in this privacy notice and relying on the bases for processing as set out above, we share your personal data with certain third parties, including:
- those of our staff and consultants providing services to you;
- law firms and other service providers who are advising you alongside us;
- providers of outsourced services to us (for example, IT suppliers and cloud storage providers);
- internal and external auditors; and
- with a third party in a business transaction, in the event that all or part of Greyhawk is acquired, dissolved, merged or involved in a similar transaction which involves the transfer of client files.
International data transfers
In the course of providing services to you, we may transfer your personal data to a country or territory outside of the European Economic Area (“EEA”), for example where it is processed by staff operating outside the EEA who work for us or for one of our suppliers, or where personal data is processed by one of our suppliers who is based outside the EEA or who uses storage facilities outside the EEA.
In these circumstances, your personal data will only be transferred on one of the following bases:
- a European Commission decision provides that the country or territory to which the transfer is made ensures an adequate level of protection; or
- where the transfer is subject to one or more of the “appropriate safeguards” for international transfers prescribed by the GDPR (for example, standard data protection clauses adopted by the European Commission); or
- there exists another situation where the transfer is permitted under applicable law (for example, where we have your explicit consent).
How long your information is kept
We will retain your personal data for as long as we are providing you with the services referred to in any relevant engagement letter or any other contract, including our General Terms and Conditions, and for as long as permitted or required for legal or regulatory purposes after the relationship between you and us has ended, or if your instructions for us to provide particular services are declined or abandoned.
Subject to any other notices that we may provide to you, we will typically retain your personal data for a period of seven years after your association with us has come to an end. However, some information may be retained for longer than this, for example where we need to retain it in relation to any claims made against us.
Your rights in relation to personal data
Under the GDPR, you have the following rights in relation to our processing of your personal data. Please note that these rights are not absolute, and we may be entitled to refuse requests where exceptions apply.
- to obtain access to, and copies of, the personal data that we hold about you;
- to require us to correct the personal data we hold about you if it is incorrect;
- to require us to erase your personal data in certain circumstances;
- to require us to restrict our data processing activities in certain circumstances;
- to object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on you;
- to receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller; and
- where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal.
Note: If you have given your consent and you wish to withdraw it, please contact us using the contact details set out below. Please note that where our processing of your personal data relies on your consent and where you then withdraw that consent, we may not be able to provide all or some aspects of our services to you and/or it may affect the provision of those services.
If you are not satisfied with how we are processing your personal data, you have the right to make a complaint to the Information Commissioner (or another data protection supervisory authority in the EU, including the data protection regulator in the EU country where you are located).
Contact us
If you have any queries about this privacy notice or how we process your personal data, or if you wish to exercise any of your rights under applicable law, you may contact us:
- by email: mail@greyhawk-uk.com
- by telephone: 020 7406 7510
- or by post: Data Protection, Greyhawk, Holborn Gate, 26 Southampton Buildings, London WC2A 1AN